Commit 19109267 authored by Leo's avatar Leo Committed by Natanael Copa

main/wavpack: fix a few CVEs

ref #10756
parent 9490e53a
......@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=wavpack
pkgver=5.1.0
pkgrel=3
pkgrel=4
pkgdesc="Audio compression format with lossless, lossy, and hybrid compression modes"
url="http://www.wavpack.com/"
arch="all"
......@@ -18,10 +18,19 @@ source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2
CVE-2018-10538_10539_10540.patch
CVE-2018-19840.patch
CVE-2018-19841.patch
CVE-2019-1010315.patch
CVE-2019-11498.patch
CVE-2019-1010317.patch
CVE-2019-1010319.patch
"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 5.1.0-r4:
# - CVE-2019-1010319
# - CVE-2019-1010317
# - CVE-2019-1010315
# - CVE-2019-11498
# 5.1.0-r3:
# - CVE-2018-19840
# - CVE-2018-19841
......@@ -79,4 +88,8 @@ sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f4
fd7ff58c53f9b4cec335e36017c5b1709c5526a2d44a54dfbeb050ea303997418d1fa312ebe39f521a35a6f2151b8a0f5845ee9bf6bbda22bef036e9fc0166a5 CVE-2018-10536_10537.patch
a59eff2a8f47d4383f33667e7737f5e2e639778b367340169f1c5d6335c8948cfd8e1a7554e8b6c05a59d80a04048cf137c0f4fdfd88d2d88757404d3dac31ee CVE-2018-10538_10539_10540.patch
67d02dd744c638d126cf5a894d1ff2c39726bd4d3771ef7410ea782e5c9a0f9341909432bd4bea9b8959891c38699601c1aac2da6e0eaddaa5a4d679e7f58dd2 CVE-2018-19840.patch
dba007fa8cb2537b6f6c8ee559a98e501e948260ce7e7af7d3fdc8c9145bbbbf85c8fed8030de354459c4b08d3015a0ea769a948636bdfd66e567c0a2d2493c6 CVE-2018-19841.patch"
dba007fa8cb2537b6f6c8ee559a98e501e948260ce7e7af7d3fdc8c9145bbbbf85c8fed8030de354459c4b08d3015a0ea769a948636bdfd66e567c0a2d2493c6 CVE-2018-19841.patch
46d0fb4483e5ea824b1bce67f2ea76894e16b3f86cd28f234c1e393ea1d859ac304f44f22a7e32cdfbd83ff83d99fc147e0f9de932ee674c4f565cc92e279c28 CVE-2019-1010315.patch
30ad915f481eef07737cb95e44c1988441b72d0fc6731c4e48b391deb44168ad7536e0e7c3c9363e18f27814cade4c784e9a61e6a46e103aa88db0b42cef57e3 CVE-2019-11498.patch
91b0fdefdfe2a3f135f3fdf947b43a7bc347e4cd21804d0e4997066997a32bc9bb218cc2ef6b1733c011d83c22035efd22cf993b7af5d0fa540441a3e9685c3c CVE-2019-1010317.patch
a180c662d41e96913b946782ae4679b944029d0d62161a7fc204c0b2ff898409a375a33d2376885fe425c449128de61f161867d1c264120682c0708aeea2d21e CVE-2019-1010319.patch"
From 4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Sat, 2 Mar 2019 18:37:14 -0800
Subject: [PATCH] issue #65: make sure DSDIFF files have a valid channel count
---
cli/dsdiff.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index 0ac4321..f357181 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -180,7 +180,7 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
if (!strncmp (prop_chunk, "SND ", 4)) {
char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
- uint16_t numChannels, chansSpecified, chanMask = 0;
+ uint16_t numChannels = 0, chansSpecified, chanMask = 0;
uint32_t sampleRate;
while (eptr - cptr >= sizeof (dff_chunk_header)) {
@@ -279,6 +279,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
free (prop_chunk);
}
else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
+
+ if (!config->num_channels) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
break;
}
From f68a9555b548306c5b1ee45199ccdc4a16a6101b Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Mon, 4 Mar 2019 21:09:41 -0800
Subject: [PATCH] issue #66: make sure CAF files have a "desc" chunk
---
cli/caff.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/cli/caff.c b/cli/caff.c
index 2a5e2d9..a35da74 100644
--- a/cli/caff.c
+++ b/cli/caff.c
@@ -152,7 +152,7 @@ static struct {
int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config)
{
- uint32_t chan_chunk = 0, channel_layout = 0, bcount;
+ uint32_t chan_chunk = 0, desc_chunk = 0, channel_layout = 0, bcount;
unsigned char *channel_identities = NULL;
unsigned char *channel_reorder = NULL;
int64_t total_samples = 0, infilesize;
@@ -218,6 +218,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
}
WavpackBigEndianToNative (&caf_audio_format, CAFAudioFormatFormat);
+ desc_chunk = 1;
if (debug_logging_mode) {
char formatstr [5];
@@ -458,7 +459,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
else if (!strncmp (caf_chunk_header.mChunkType, "data", 4)) { // on the data chunk, get size and exit loop
uint32_t mEditCount;
- if (!DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
+ if (!desc_chunk || !DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
bcount != sizeof (mEditCount)) {
error_line ("%s is not a valid .CAF file!", infilename);
return WAVPACK_SOFT_ERROR;
From 33a0025d1d63ccd05d9dbaa6923d52b1446a62fe Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 5 Mar 2019 21:21:48 -0800
Subject: [PATCH] issue #68: clear WaveHeader at start to prevent uninitialized
read
---
cli/wave64.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/cli/wave64.c b/cli/wave64.c
index 7beffe6..59548b1 100644
--- a/cli/wave64.c
+++ b/cli/wave64.c
@@ -56,6 +56,7 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
int format_chunk = 0;
uint32_t bcount;
+ CLEAR (WaveHeader);
infilesize = DoGetFileSize (infile);
memcpy (&filehdr, fourcc, 4);
From bc6cba3f552c44565f7f1e66dc1580189addb2b4 Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 5 Mar 2019 21:32:27 -0800
Subject: [PATCH] issue #67: make sure sample rate is specified and non-zero in
DFF files
---
cli/dsdiff.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index f357181..193adee 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -181,7 +181,7 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
if (!strncmp (prop_chunk, "SND ", 4)) {
char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
uint16_t numChannels = 0, chansSpecified, chanMask = 0;
- uint32_t sampleRate;
+ uint32_t sampleRate = 0;
while (eptr - cptr >= sizeof (dff_chunk_header)) {
memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header));
@@ -280,7 +280,7 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
}
else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
- if (!config->num_channels) {
+ if (!config->num_channels || !config->sample_rate) {
error_line ("%s is not a valid .DFF file!", infilename);
return WAVPACK_SOFT_ERROR;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment